• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[DEV] Bootloader unlock procedure and software

Search This thread

Bear6009

Member
Jul 30, 2010
39
2
Did you install Minimal ADB and Fastboot? It's the same directory then (usually c:\adb), fastboot.exe should be in there, too.
If you get the good ol' "wating for device" issue, install these drivers.

I was having a hard time because i was trying to see if the devices was connected by adb devices, but that wont show up while in fast boot. DUH lol

20150911_102848.jpg


:) lovely! THANKS @Davey126 and @Cl4ncy

Now on to roms!
Is there a way to run two roms? like dual boot?
 

DB126

Senior Member
Oct 15, 2013
15,265
10,043
I was having a hard time because i was trying to see if the devices was connected by adb devices, but that wont show up while in fast boot. DUH lol

20150911_102848.jpg


:) lovely! THANKS @Davey126 and @Cl4ncy

Now on to roms!
Is there a way to run two roms? like dual boot?
Congrats - glad all is well. Only one rom at a time when using 'native' twrp as you flashing directly to the system partition. However, you can backup and restore different roms in twrp. Safestrap offers dual boot capability but you really don't need/want to use that if you can flash natively.
 

rlkellyjr

Member
Jan 21, 2011
28
0
southeastern
Big Question? If I do a rollback, and then manually update to 4.5.2, then root my kindle again, If a boot loader unlock is made available for the 4.5.2 to 4.5.5 firmware's, will I be able to update and preform that procedure? Or once you do this rollback, are you stuck at 4.5.2??
 

DB126

Senior Member
Oct 15, 2013
15,265
10,043
Big Question? If I do a rollback, and then manually update to 4.5.2, then root my kindle again, If a boot loader unlock is made available for the 4.5.2 to 4.5.5 firmware's, will I be able to update and preform that procedure? Or once you do this rollback, are you stuck at 4.5.2??
Bootloader unlock is unlikely; better odds buying a lottery ticket. That said if an unlock were to become available you would have complete control over your device. Current OS would be irrelevant.

Better to be on 4.5.2 and rooted than 4.5.5 and locked into Amazon's upgrade/obsolescence path. Note rollback is only available on 3rd gen devices (all 7" and 8.9" manufactured before 3Q14; snapdragon 800 processor). There is no option to root or rollback a 4th gen device (snapdragon 805).
 

Jamesblond005

Member
Dec 16, 2011
23
2
Ok I get to the stage below please guide me . Im a total newbie on a customisable bootloader and nexus 2.05. Ive managed to create the img file unsure how to proceed with the instructions below.where is the fastboot directory
Please help thanks

copy that file to your fastboot directory.

on an ADB prompt type

Code:
adb reboot-bootloader

then on a fastboot prompt type

Code:
fastboot -i 0x1949 devices
fastboot -i 0x1949 flash unlock 0xmmssssssss.unlock
fastboot -i 0x1949 reboot

thats it.

Gathered all from this thread, just a little clearer I think...
thanks to @dpeddi, @vortox, @draxie, @ApokrifX[/QUOTE]
 

Jamesblond005

Member
Dec 16, 2011
23
2



'www.microsoft.com' appears unr
Please check your internet conn
Press any key to continue . . .


Downloading 'https://www.virtua
loads\1-Click(1)\1-Click\dwnlds
Download complete.


Downloading 'http://download.vi
105127-Win.exe' to 'C:\Users\Di
14-105127-Win.exe'
Download complete.

Launching the VirtualBox instal
Please complete the installatio

Installation complete.

VBoxManage.exe: error: Machine
lick\1-Click.vbox' already exis
VBoxManage.exe: error: Details:
achineWrap, interface IMachine,
VBoxManage.exe: error: Context:
raw(), ComSafeArrayAsInParam(gr
hine.asOutParam())" at line 272
VBoxManage.exe: error: Could no
VBoxManage.exe: error: Details:
nent VirtualBoxWrap, interface
VBoxManage.exe: error: Context:
utParam())" at line 1027 of fil
VBoxManage.exe: error: Could no
VBoxManage.exe: error: Details:
nent VirtualBoxWrap, interface
VBoxManage.exe: error: Context:
utParam())" at line 325 of file
VBoxManage.exe: error: Could no
VBoxManage.exe: error: Details:
nent VirtualBoxWrap, interface
VBoxManage.exe: error: Context:
utParam())" at line 486 of file
VBoxManage.exe: error: Could no
VBoxManage.exe: error: Details:
nent VirtualBoxWrap, interface
VBoxManage.exe: error: Context:
e.asOutParam())" at line 224 of
Oracle VM VirtualBox Headless I
(C) 2008-2016 Oracle Corporatio
All rights reserved.

Invalid machine name or UUID! unsure where i went wrong have tried this numerous times getting the previous error
 
Last edited:

Cl4ncy

Senior Member
Jul 9, 2015
367
198
Ok I get to the stage below please guide me . Im a total newbie on a customisable bootloader and nexus 2.05. Ive managed to create the img file unsure how to proceed with the instructions below.where is the fastboot directory
Please help thanks

copy that file to your fastboot directory.

on an ADB prompt type

Code:
adb reboot-bootloader

then on a fastboot prompt type

Code:
fastboot -i 0x1949 devices
fastboot -i 0x1949 flash unlock 0xmmssssssss.unlock
fastboot -i 0x1949 reboot

thats it.

Gathered all from this thread, just a little clearer I think...
thanks to @dpeddi, @vortox, @draxie, @ApokrifX
Do you have Minimal ADB & Fastboot installed? Check this post then.
 
Last edited:

Jamesblond005

Member
Dec 16, 2011
23
2
Hi yes I have minimal adb installed think I may have a issue with the pc recognising my kindle now. I can only get it to display the files within the kindle in twrp currently it dosent seem to mount otherwise. The problem may have been it wasnt displaying a kindle as being connected it was showing a Nexus 2.0.5 , i may have deleted that and now it dosent display my kindle unless i mount it in twrp

Do you have Minimal ADB & Fastboot installed? Check this post then.[/QUOTE]
 

Cl4ncy

Senior Member
Jul 9, 2015
367
198
Hi yes I have minimal adb installed think I may have a issue with the pc recognising my kindle now. I can only get it to display the files within the kindle in twrp currently it dosent seem to mount otherwise. The problem may have been it wasnt displaying a kindle as being connected it was showing a Nexus 2.0.5 , i may have deleted that and now it dosent display my kindle unless i mount it in twrp


Do you have Minimal ADB & Fastboot installed? Check this post then.
Did you install the drivers linked in the post I referred to above? They help to get the HDX getting recognized by fastboot during the unlock procedure, but lead to the problem that the HDX won't get recognized by Windows anymore. But that doesn't matter for unlocking, just proceed with the adb & fastboot commands, get the HDX unlocked, then re-install the original Amazon drivers, and everything will be fine. ;)
 
Last edited:

Jamesblond005

Member
Dec 16, 2011
23
2
Hi this is what I get when I try the unlock procedure


C:\adb>fastboot -i 0x1949 devices
D0FBA0A03451042E fastboot

C:\adb>fastboot -i 0x1949 flash unlock 0x115dd87787.unlock
error: cannot load '0x115dd87787.unlock'

On kindle hdx I get

getvar:partition-type:unlock...ok.
Ready.

Did you install the drivers linked in the post I referred to above? They help to get the HDX getting recognized by fastboot during the unlock procedure, but lead to the problem that the HDX won't get recognized by Windows anymore. But that doesn't matter for unlocking, just proceed with the adb & fastboot commands, get the HDX unlocked, then re-install the original Amazon drivers, and everything will be fine. ;)[/QUOTE]
 

Cl4ncy

Senior Member
Jul 9, 2015
367
198
Hi this is what I get when I try the unlock procedure


C:\adb>fastboot -i 0x1949 devices
D0FBA0A03451042E fastboot

C:\adb>fastboot -i 0x1949 flash unlock 0x115dd87787.unlock
error: cannot load '0x115dd87787.unlock'

On kindle hdx I get

getvar:partition-type:unlock...ok.
Ready.


Did you install the drivers linked in the post I referred to above? They help to get the HDX getting recognized by fastboot during the unlock procedure, but lead to the problem that the HDX won't get recognized by Windows anymore. But that doesn't matter for unlocking, just proceed with the adb & fastboot commands, get the HDX unlocked, then re-install the original Amazon drivers, and everything will be fine. ;)
Did you copy/move the .unlock file into the adb directory? Otherwise you have to enter the path to it as well. (That's why it's recommended to put it into the adb directory).
 

Jamesblond005

Member
Dec 16, 2011
23
2
yes the unlock file is in adb\0x115dd88787.unlock. Im getting rather concerned now I cant seem to get my kindle recognised on the pc, Id work around that but have been unable to unlock the bootloader either , have been at this for days on and of


Did you copy/move the .unlock file into the adb directory? Otherwise you have to enter the path to it as well. (That's why it's recommended to put it into the adb directory).
 
Last edited:

DB126

Senior Member
Oct 15, 2013
15,265
10,043
yes the unlock file is in adb\0x115dd88787.unlock. Im getting rather concerned now I cant seem to get my kindle recognised on the pc, Id work around that but have been unable to unlock the bootloader either , have been at this for days on and of
Reviewing post history it appears your device started at 3.2.4 w/Safestrap v3 and then attempted to auto update to an unknown version (you speculated 3.2.5) which was canceled before completion followed by a factory reset (typically yields brick w/Safestrap installed - got lucky) . Device then reported 13.3.0.0. It is possible your bootloader remain at a level (>3.2.3.2) that can not be unlocked.

You may want to consider flashing TWRP sooner vs later as it will: 1) confirm if bootloader is eligible for unlock/signature forging; and 2) offer additional recovery capability of something goes wrong with subsequent flash/upgrade/rollback attempts. Note you can install custom versions Nexus v2 (Jelly Bean) or CM11 (KitKat) from TWRP on devices with a locked bootloader. If you go this route you will still have the opportunity to unlock later (involves reinstalling FireOS; not for the faint of heart).

Thoughts from others (@CL4ncy; @draxie)?
 

Jamesblond005

Member
Dec 16, 2011
23
2
Hi Davey no I have TWRP installed I dont have safestrap haven't had it installed for quite some time. Find the whole process difficult to be honest, with no programming knowledge. I may just leave as is with TWRP installed . How do I get the kindle recognized without mounting it in TWRP. Thanks for your help
JB


Reviewing post history it appears your device started at 3.2.4 w/Safestrap v3 and then attempted to auto update to an unknown version (you speculated 3.2.5) which was canceled before completion followed by a factory reset (typically yields brick w/Safestrap installed - got lucky) . Device then reported 13.3.0.0. It is possible your bootloader remain at a level (>3.2.3.2) that can not be unlocked.

You may want to consider flashing TWRP sooner vs later as it will: 1) confirm if bootloader is eligible for unlock/signature forging; and 2) offer additional recovery capability of something goes wrong with subsequent flash/upgrade/rollback attempts. Note you can install custom versions Nexus v2 (Jelly Bean) or CM11 (KitKat) from TWRP on devices with a locked bootloader. If you go this route you will still have the opportunity to unlock later (involves reinstalling FireOS; not for the faint of heart).

Thoughts from others (@CL4ncy; @draxie)?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 39
    I get to unlock the bootloader of my kindle hdx 8.9

    Prerequisite:
    - Bootloader shipped with firmwareversion 1[34].3.1.0 <= x <= 1[34].3.2.4 (as we use the rsa bug)
    - Rooted kindle

    adb shell
    cat /sys/block/mmcblk0/device/manfid
    cat /sys/block/mmcblk0/device/serial

    create a file unlock.img with following content:
    0xmmssssssss
    where mm=manfid and ss=serial

    encrypt it with my vortox fork of signing tool at

    https://github.com/dpeddi/Cuber

    ./cuber_unlockbl --sign ./unlock.img ./unlock.signed

    connect the hdx to a linux box and do following command:

    ./fastboot -i 0x1949 devices
    ./fastboot -i 0x1949 flash unlock unlock.signed
    ./fastboot -i 0x1949 reboot

    adb shell
    idme print
    [...]
    unlock_code: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMsv9S[...]WRUFx7FaA==

    to get into fastboot mode you can press:
    standby volume+ volume- at the same time and keep pressed

    follows list of fastboot command:
    fastboot -i 0x1949 getvar product
    fastboot -i 0x1949 getvar version
    fastboot -i 0x1949 getvar kernel
    fastboot -i 0x1949 getvar serialno
    fastboot -i 0x1949 getvar production
    fastboot -i 0x1949 getvar partition-size:userdata|sytem|cache
    fastboot -i 0x1949 getvar partition-type:userdata|sytem|cache
    fastboot -i 0x1949 getvar max-download-size
    fastboot -i 0x1949 boot (still untested by me)
    fastboot -i 0x1949 verify (still untested by me)
    fastboot -i 0x1949 flash (still untested by me)
    fastboot -i 0x1949 erase (still untested by me)
    fastboot -i 0x1949 continue
    fastboot -i 0x1949 reboot
    fastboot -i 0x1949 reboot-bootloader
    fastboot -i 0x1949 oem device-info
    fastboot -i 0x1949 oem idme ? (only if unlocked)
    fastboot -i 0x1949 oem idme cl3an (untested by me but is destructive!)
    fastboot -i 0x1949 oem idme v3rsion (untested by me but seems destructive!)
    fastboot -i 0x1949 oem relock (i'm lazy to test it)
    fastboot -i 0x1949 dump (don't work with current windows implementation of fastboot that i'm using now - try this)

    you can use python only tool too :
    http://forum.xda-developers.com/kin...tools-create-unlock-img-fix-boot-img-t3050689
    http://forum.xda-developers.com/kin...e-software-t3030281/post58897784#post58897784

    Regards and thank to all (ralekdev, jcase, Hashcode, Cpasjuste, Vortox, draxie...)
    33
    Hi there,

    With so many complaints about Linux dependencies,
    I figured a Python-only version of cuber may be a good idea.
    (Windows does have Python ports, right?
    You'll still need python-gmpy2, in addition to fairly standard Python stuff.)

    So, here it comes.
    Both boot images and unlock codes are supported,
    depending on what you pass on the command line.

    For unlock codes, figure out your manfid and serial
    as explained by the OP, and use the following:
    Code:
    > python cuberHDX.py [I]mmssssssss[/I]
    Your unlock code is in '[I]mmssssssss[/I].unlock'.
    And, then do the fastboot dance from the OP.

    For boot images, the procedure is fairly similar:
    Code:
    > python cuberHDX.py [I]your-boot.img[/I]
    Your image '[I]your-boot.img[/I]' is now "signed".

    I've downloaded and tested the new version (-v2),
    and it works fine on my Apollo.

    For other that might not have understood as easily..., (its been a while since I work with anything) complete as follows. tested on HDX 7 (Thor) Rooted 13.3.1.0

    get Python 2.7 for windows and install it

    get GMPY2 for Python 2.7

    open command prompt to your ADB directory:

    Code:
    adb shell
    cat /sys/block/mmcblk0/device/manfid
    cat /sys/block/mmcblk0/device/serial

    from these 2 results you get your the code we need, insert the last 2 digits of the manfID with your serial
    following

    like this: mmssssssss

    download the attachment on the following post: http://forum.xda-developers.com/showpost.php?p=58864282&postcount=46
    Then place the file inside the attachement to C:\Python27 should be C:\Python\cuberHDX.py

    open command prompt in: C:\Python27

    replace "mmssssssss" with yours below:
    Code:
    python.exe cuberHDX.py 0xmmssssssss

    that will put a new 0xmmssssssss.UNLOCK file in the Python27 directory

    copy that file to your fastboot directory.

    on an ADB prompt type

    Code:
    adb reboot-bootloader

    then on a fastboot prompt type

    Code:
    fastboot -i 0x1949 devices
    fastboot -i 0x1949 flash unlock 0xmmssssssss.unlock
    fastboot -i 0x1949 reboot

    thats it.

    Gathered all from this thread, just a little clearer I think...
    thanks to @dpeddi, @vortox, @draxie, @ApokrifX
    8
    Python-only cuber

    Don't bother with the obsolete cuberHDX.py, please refer to this post my new post for a python-less alternative instead.

    Hi there,

    With so many complaints about Linux dependencies,
    I figured a Python-only version of cuber may be a good idea.
    (Windows does have Python ports, right?
    You'll still need python-gmpy2, in addition to fairly standard Python stuff.)

    So, here it comes.
    Both boot images and unlock codes are supported,
    depending on what you pass on the command line.

    For unlock codes, figure out your manfid and serial
    as explained by the OP, and use the following:
    Code:
    > python cuberHDX.py [I]mmssssssss[/I]
    Your unlock code is in '[I]mmssssssss[/I].unlock'.
    And, then do the fastboot dance from the OP.

    For boot images, the procedure is fairly similar:
    Code:
    > python cuberHDX.py [I]your-boot.img[/I]
    Your image '[I]your-boot.img[/I]' is now "signed".

    Finally, v3 fixes the text/binary issue and SHOULD work also on Windows.
    I cannot test as I do not have that OS..

    Oh, and thanks go to @vortox and @dpeddi for the predecessors of this script.


    UPDATE:

    For those who miss the '-c|--check' option of the original cuber,
    you can simply use the openssl command line to verify your unlock code.
    (Scroll to the right for the revelation.)
    Code:
    > python cuberHDX.py AA12345678
    Your unlock code is in 'AA12345678.unlock'.
    > openssl rsautl -verify -inkey unlock.crt -certin -in AA12345678.unlock -hexdump
    0000 - 30 78 41 41 31 32 33 34-35 36 37 38 0a 00 00 00   0xAA12345678....
    0010 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    0020 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    0030 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    0040 - 00 00 00 00 00 00 00 00-00 00 00 93 6a d2 8e da   ............j...
    0050 - 94 30 8b 2c 38 21 09 2e-bd e1 13 7d dd e0 ba 22   .0.,8!.....}..."
    0060 - e0 1d 8d 73 8a a3 f1 ac-5b f5 3d 06 c5 95 ba 2f   ...s....[.=..../
    0070 - ab fe 86 7c 26 64 3d ee-47 84 1b cb 12 6a 42 27   ...|&d=.G....jB'
    0080 - 53 04 14 f6 a4 17 89 fc-8c b6 96 d3 10 de 21 35   S.............!5
    0090 - dc 8b c5 6e 4c ec f2 9e-c1 50 72 8a 06 ff 3b 61   ...nL....Pr...;a
    00a0 - 1a a3 52 bd c3 04 13 4c-a1 2a 8f 93 88 6b 46 cf   ..R....L.*...kF.
    00b0 - df 1f 1b f3 a1 7a d1 9d-a2 04 77 8a a3 37 14 c5   .....z....w..7..
    00c0 - 08 98 5f ac 5b d7 0f 1f-fa fe 0f e2 a4 65 5f b3   .._.[........e_.
    00d0 - f7 8b 9f bf a5 b2 28 84-39 e2 0d 03 6b 82 03 f2   ......(.9...k...
    00e0 - 25 dc f1 41 9d 27 75 6f-10 fe 93 0d c7 95 71 67   %..A.'uo......qg
    00f0 - 54 2b                                             T+
    00f5 - <SPACES/NULS>
    You can add the '-raw' flag to the end of the command line
    if you also want to see the PKCS padding string...

    For boot images, slightly more acrobatics is needed,
    for getting the hash and the signature, but it's not too bad.
    This assumes 'dd' is available on your platform.
    Code:
    [COLOR="Lime"]>[/COLOR] dd if=boot.img bs=2k of=/dev/null
    [COLOR="Red"]3634[/COLOR]+0 records in
    3634+0 records out
    7442432 bytes (7.4 MB) copied, 0.00792165 s, 940 MB/s
    [COLOR="Lime"]>[/COLOR] dd if=boot.img bs=2k skip=[COLOR="Red"]3633[/COLOR] count=256 iflag=count_bytes of=sig
    0+1 records in
    0+1 records out
    256 bytes (256 B) copied, 0.000197051 s, 1.3 MB/s
    [COLOR="Lime"]>[/COLOR] openssl rsautl -verify -inkey production.crt -certin -in sig -hexdump
    0000 - ad 84 84 25 a7 89 57 c3-8c 67 6a c3 25 5c b7 2e   ...%..W..gj.%\..
    0010 - f4 c8 90 ac a2 fb bf 36-91 3c 43 18 f4 08 c4 9e   .......6.<C.....
    0020 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    0030 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    0040 - 00 00 00 00 00 00 00 00-00 00 00 a4 8f 3e 09 eb   .............>..
    0050 - 65 3c 1b 3e de 2e b8 0b-6c 37 55 40 40 9e c0 dd   e<.>[email protected]@...
    0060 - f7 e0 25 7d 32 18 1b 93-dc ee 1e 9f 7c b7 1b 00   ..%}2.......|...
    0070 - d8 62 ec 67 b2 46 74 e8-7f 58 3a b7 ff 22 60 cf   .b.g.Ft..X:.."`.
    0080 - c4 27 07 83 3f d1 01 06-f6 e6 63 b7 77 5e 45 1f   .'..?.....c.w^E.
    0090 - 6e 85 2f 29 4f d0 89 70-fb d7 3c e2 da 6f e3 06   n./)O..p..<..o..
    00a0 - 5a f2 1f 9e ca aa 7d 84-24 f4 56 9d 8f 16 cf 9c   Z.....}.$.V.....
    00b0 - c1 07 74 c4 b4 1b f4 7f-04 95 cf d4 93 a1 59 e8   ..t...........Y.
    00c0 - 34 a6 aa 2a 7a 39 05 50-0f bb 2d 41 71 cf 8b 47   4..*z9.P..-Aq..G
    00d0 - 7a e5 70 3c 36 27 e0 c1-a6 14 2b 28 92 f9 d1 c3   z.p<6'....+(....
    00e0 - ac 1e 54 05 10 49 00 6d-ed f9 8a 0b f6 e7 4a 29   ..T..I.m......J)
    00f0 - 9a 74 27 10                                       .t'.
    00f5 - <SPACES/NULS>
    [COLOR="Lime"]>[/COLOR] dd if=boot.img bs=2k count=[COLOR="Red"]3633[/COLOR] | sha256sum
    3633+0 records in
    3633+0 records out
    7440384 bytes (7.4 MB) copied, 0.0493471 s, 151 MB/s
    ad848425a78957c38c676ac3255cb72ef4c890aca2fbbf36913c4318f408c49e  -
    The first 'dd' line to '/dev/null' is just to get the size in pages.
    You can do the math yourself instead. I'm just lazy...
    The other 'dd' lines use that size-1, which may not always work,
    since some images contain additional all-zero pages at the end.
    In that case you'll need to experiment with the value to skip,
    or use a hexdump utility to figure out the offset.

    Oh, and you can get all those pesky certificates from
    an ancient post of mine (speculating about a bootloader unlock).
    4
    Hello,

    steps for unlocking described by @ceyo14 here
    Some additional tips/guidance here which complements the link in the post by @D0ubl3_X. Although there are several different BL unlock guides/tools circulating I have found the one by @cey014 works best for my limited brain power.

    Unlocking is not hard but does involve utilizing tools/techniques you may not be familiar with and potentially fighting with Windows device drivers/security...especially on Win 8.1 x64. Ask targeted questions along the way; folks are generally willing to help if you have done your homework. There are no one click apks or hand holding tutorials. Grab the beverage of your choice, roll up your sleeves and plan to spend a fun evening screwing with stuff that is somewhat arcane.
    3
    Note that it *IS* possible to roll back from 3.2.x to 3.1.0
    at least, up to and including 3.2.6, which I had before TWRP came.
    The instructions for 3.2.5 and above are at the end of the post.
    The procedure is verified for 3.2.6, but f you can get root on your device,
    I suspect that this might work for 3.2.7 & 3.28 as well, but I don't know
    (since I happened to have 3.2.6 at the time).

    If you are the adventurous type and you understand what the scripts do,
    you can "extrapolate" and move to 3.2.3.2 directly (which is what I did),
    but it may be both faster and easier to move to 3.1.0 first, and then use
    the stock update from Amazon to upgrade to 3.2.3.2.

    In either case, you'll need to fetch one of these, depending on your device:

    https://kindle-fire-updates.s3.amazonaws.com/update-kindle-13.3.2.3.2_user_323001720.bin
    https://kindle-fire-updates.s3.amazonaws.com/update-kindle-14.3.2.3.2_user_323001720.bin


    Good luck!

    Amazon started including anti-rollback protection for x.3.2.7 and x.3.2.8.